Computer-readable medium for providing access to verified personal background data

ABSTRACT

Access to verified personal background data is provided in the form of an electronic document that includes a data record having personal background data and corresponding verification information as well as an electronic authentication of the contents of the data record. The data record is associated with a unique identifier. The electronic document may be distributed over a communication network to a person providing the identifier.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of application having Ser. No.10/786,355, filed Feb. 25, 2004, which is a continuation of applicationhaving Ser. No. 09/472,080, filed Dec. 23, 1999, which claims thebenefit of provisional application Ser. No. 60/168,094, filed Nov. 30,1999; these related applications are hereby incorporated herein byreference in their entireties.

TECHNICAL FIELD

The present invention relates to systems and methods for authenticatingand registering personal background data, including over networks andparticularly the Internet.

BACKGROUND ART

Misrepresentations by job applicants of their backgrounds put employersat risk of hiring persons lacking in training or experience thatemployers were counting on when the applicants were hired. Indirectlysuch misrepresentations, besides camouflaging the absence of training orexperience, also are indicative of potentially unreliable employees.Employers also risk public embarrassment when an employee'smisrepresentations are discovered, regardless of the employee's jobperformance. There have therefore arisen over time a variety of servicesproviding background checking of applicants for employment.

SUMMARY OF THE INVENTION

In accordance with one aspect of the invention, access to verifiedpersonal background data is provided in the form of an electronicdocument that includes a data record having personal background data andcorresponding verification information as well as an electronicauthentication of the contents of the data record. The data record isassociated with a unique identifier. The electronic document may bedistributed over a communication network to a person providing theidentifier.

In one embodiment there is provided a method of providing access to acandidate's verified personal background data. A data record relating tothe candidate's personal background data is established in a digitalstorage medium. The data record is associated with a unique identifierand includes a set of potentially verifiable components based oninformation supplied by the candidate and a corresponding set of queryresults, the corresponding set including, with respect to eachcomponent, the result of a verification query to a third party. Theidentifier is communicated to the candidate, who may directly orindirectly provide the identifier to others. Upon receipt of theidentifier from an outside user over a communication network, anelectronic document including the data record and an electronicauthentication of the contents of the data record is distributed to theoutside user over the communication network. The electronicauthentication is capable of revealing unauthorized modifications of thecontents of the data record.

The electronic document may be distributed in the form of an electronicmail message or electronic file. The electronic document may bedistributed over the Internet or other communication network. Theelectronic authentication may be an electronic watermark or electroniccertification. The set of components may include the candidate's résuméinformation, in which case the set of query results may includeinformation verifying the candidate's résumé information.

In another embodiment there is provided a system for providing access toa candidate's verified personal background data. The system includes astorage arrangement on which is stored a database having a plurality ofdata records. Each data record relates to personal background data of acandidate. Each data record is associated with a unique identifier thatis communicated to the candidate and includes a set of potentiallyverifiable components based on information supplied by a candidate and acorresponding set of query results, the corresponding set including,with respect to each component, the result of a verification query to athird party. The system also includes a process, running on a computerin communication with the digital storage medium, for selectivelydistributing, to an authorized person presenting an identifier receiveddirectly or indirectly from a candidate, over a communication network,an electronic document including the candidate's data record and anelectronic authentication of the contents of the data record, theelectronic authentication capable of revealing unauthorizedmodifications of the contents of the data record.

In yet another embodiment there is provided a computer-readable mediumhaving embodied therein an electronic document including a data recordand an electronic authentication of the contents of the data record. Thedata record includes a set of potentially verifiable components based oninformation supplied by a candidate and a corresponding set of queryresults, the corresponding set including, with respect to eachcomponent, the result of a verification query to a third party. Theelectronic authentication is capable of revealing unauthorizedmodifications of the contents of the data record.

The electronic authentication may be an electronic watermark orelectronic certification. The set of components may include thecandidate's résumé information, in which case the set of query resultsmay include information verifying the candidate's résumé information.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing features of the invention will be more readily understoodby reference to the following detailed description, taken with referenceto the accompanying drawings, in which:

FIG. 1 is a block diagram of an embodiment of a method in accordancewith the present invention for authenticating a candidate's personalbackground data.

FIG. 2 is a block diagram illustrating generally a process flowassociated with a further embodiment in accordance with the presentinvention.

FIG. 3 is a diagram illustrating a system in accordance with theembodiment of the present invention for carrying out processesaccordingly.

FIGS. 4A and 4B illustrate in further detail logical flow of theregistrant data-entry process of an embodiment similar to that of FIG.2.

FIGS. 5A and 5B illustrate in further detail logical flow of theverification process of an embodiment similar to that of FIG. 2.

FIGS. 6A and 6B illustrate in further detail logical flow of theregistrant-request process of an embodiment similar to that of FIG. 2.

FIGS. 7A through 7C illustrate in further detail logical flow of theprocess for outside requests on a registrant of an embodiment similar tothat of FIG. 2.

FIGS. 8A and 8B illustrate in further detail logical flow of the processfor outside requests on a non-registrant of an embodiment similar tothat of FIG. 2.

FIGS. 9A and 9B illustrate in further detail logical flow of the processfor finding a registrant of an embodiment similar to that of FIG. 2.

DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS

FIG. 1 is a block diagram of an embodiment of a method in accordancewith the present invention for authenticating a candidate's personalbackground data. In box 11, there is established and stored a datarecord 14 that pertains to the personal background data. The data recordhas a unique identifier 143. The data record also includes a set 141 ofcomponents of the candidate's personal background data.

Each component of the set 141 is potentially verifiable. Examples ofverifiable components of personal background data include present andprevious employers of the candidate, dates of employment by each suchemployer, positions held at each employer and the dates such positionswere held, names of persons who have agreed to serve as references forthe candidate, and the dates they agreed to do so, the text of thereferences or recommendations, educational institutions from which thecandidate was graduated, the degrees granted to such candidate, thedates on which such degrees were granted, branches of the armed forcesin which the candidate served, periods of service in such branches,ranks held during such periods, type of discharge, military medals orhonors, and so forth. What these components have in common is that theyare objective; the components involve factual matters that are eithercorrect or incorrect. Because the components are not affected byindividual judgment, they are susceptible to verification by inquiry tothe pertinent party, such as the employer or educational institution orbranch of the armed forces.

The data record 141 also includes a corresponding set 142 of queryresults. The set 142 includes, with respect to each component, theresult of a verification query to the pertinent third party. If,therefore, the component relates to the candidate's undergraduatedegree, the verification query will be to the candidate's college, andthe result will be a determination that the college did in fact (or didnot) grant a degree to the candidate, and optionally in addition thatthe degree is indeed in the specified field, was indeed granted on thespecified date, etc. These latter options illustrate that each query mayoptionally include one or more sub-queries.

The verifiable component set 141 may include the text of a referencethat the candidate has ascribed to a recommending third party. In thiscase, there is generated a verification query to the recommending thirdparty, and the query, in one embodiment, presents to the recommendingthird party the text of the reference. The query result set 142therefore includes the determination that the recommending third partyis indeed (or is not) the source of the reference. The query result set142 also optionally includes the date that the recommending third partyprovided the reference.

In box 12 the identifier 143 is communicated to the candidate. In box13, access to the data record 14 is permitted when the identifier 143 isprovided. In this manner, verifiable components of the personalbackground data appear in the data record with authenticated results,and the data record is accessible to those who have been given theidentifier by the candidate. The candidate is therefore able to provideselective access to the data record.

Thus, the candidate himself can provide access to his pre-authenticatedbackground data, so that employers or others who are given access cantrust the information they are given. Unlike conventionalbackground-checking services, embodiments according to the invention donot require employers to conduct background checks on candidates.Rather, candidates themselves can provide employers with access topre-authenticated background data.

FIG. 2 is a block diagram illustrating generally a process flowassociated with a further embodiment in accordance with the presentinvention. In this method, long-term storage 28 communicates with sixprocesses, as indicated by the arrows; each of these processes isdescribed in further detail below: registrant data-entry process 21,verification process 22, registrant-request process 23, process 24 foroutside requests on a registrant, process 25 for outside requests on anon-registrant, and process 26 for finding a registrant.

As will be described in further detail below, a registrant enters datain process 21, and the data is communicated to long-term storage 28 forverification and storage. One typical registrant is a job candidate, butmay also be, for example, a candidate for admission to a school or otherinstitution, as will be appreciated by those of skill in the art.Another typical registrant is a person who is currently in a job, butwould like to be able to be found easily based on verifiable data,should the person change jobs or locations in the future. Once theregistrant has entered data through process 21, the data is used forverification process 22. The registrant may then request distribution ofverification results, as in registrant-request process 23. Also, anoutside user may then request verification results, using process 24 foroutside requests on a registrant. The outside user is typically anemployer, but may also be a school or other institution that requiresverification of personal background data. If an outside user requestsverification of data on a person who is not a registrant, the methoduses process 25, for outside requests on non-registrants, to undertake averification process, including verification process 22, and tocommunicate data to long-term storage 28. In process 26, an outside usersearches for a registrant using key data. Here, the outside user neednot be an employer, but may be anyone who wishes to contact a personbased on verified personal background data.

FIG. 3 shows an embodiment of a system in accordance with the presentinvention. Remote computer 31 is connected via a network 32, such as theInternet, to a host computer 34, which may be a World Wide Web server.In the latter case, the host computer 34 provides HTML pages (or pagesin other languages, as known to those of skill in the art), for accessby remote computer 31 by means of which may be entered data, asdescribed below. Processes running on remote computer 31 and hostcomputer 34 enable a job candidate or other registrant to enter personaldata, including a set of data components for verification. The processesthen communicate this data over network 32 to host computer 34, andstore the data in a digital storage medium such as content storage 33,which may be realized as a hard disk drive.

Host computer 34 is connected to a plurality of computers of thirdparties via network 32, including, but not limited to, computers ofemployers (third party 35), educational institutions (third party 36),and military or other government institutions (third party 37). Hostcomputer 34 runs a process which communicates verification queries,based on the stored registrant's data, over network 32 to computers ofthe third parties, including third parties 35, 36, and 37. Separate datacomponents may be communicated to different parties over network 32.Thus, for example, a verifiable component that includes the data that aregistrant attended a given university may be communicated to thirdparty 36, while a verifiable component that includes the data that aregistrant attained a given military rank may be communicated to thirdparty 37. These parties' computers then run processes which communicateback query results to host computer 34, via network 32. A processrunning on host computer 34 stores the query results in a data record ondigital storage medium 33, associating query results separately witheach corresponding verifiable component.

An outside user's remote computer 38 is connected over network 32 tohost computer 34. Processes running on computer 38 and host computer 34enable the outside user to enter a verification request, including a setof components of personal background data for verification; this data isthen communicated over network 32 to host computer 34, which stores therequest in a digital storage medium such as content storage 33.Processes running on computer 34 determine whether the request is on aregistrant or non-registrant. If it is on a registrant, the processretrieves the registrant's data record from digital storage medium 33,and communicates its data to the outside user's remote computer 38. Ifthe request in on a non-registrant, the process performs theverification procedures described above for a registrant's request, andcommunicates the results to the outside user's remote computer 38.

Further information concerning the Internet and E-mail (both of whichterms are used throughout this specification) is provided, for example,in Gralla, How the Internet Works (Ziff-Davis Press, 1996), which ishereby incorporated by reference; see especially pages 44-49.

FIGS. 4A through 9B illustrate the logical flow of methods according toembodiments of the invention. As will be appreciated by one of skill inthe art, these logical flows also illustrate the components of processesrunning on computers in systems according to embodiments of theinvention. For example, they may illustrate the processes describedabove for the system of FIG. 3, in a fashion known to those of skill inthe art.

FIGS. 4A and 4B show the process flow for the registrant data-entryprocess, summarized as process 21 in FIG. 2. At box 401 of FIG. 4A, theuser of a website is shown a welcome screen (HTML page) that introducesthe user to the site, and to the process for data-entry that will bedescribed below. At box 402, the registrant user is shown a descriptionof the service options that the user may elect, including the benefitsand prices of each. The user selects an initial service option at box403, and is shown an overview of the guided registration process in box404. At box 405, the registrant user enters his or her basic contactinformation, and at box 406 enters payment information, such as a creditcard number. At box 407, upon receiving the registrant's information,the host computer assigns a unique alpha-numeric identifier to the file,for internal use only. At box 408, the registrant enters, via atemplate, the personal background data that he or she wishes to verify;each background data component to be verified may be entered using adifferent template.

The registrant data-entry process continues in FIG. 4B. The user is nextshown, in box 409, a template containing the data that he or shecompleted, to review and modify as necessary. An “okay” button near thetemplate allows the registrant to skip to box 411 (below); otherwise,box 409 forms a loop with box 410, in which the registrant is providedwith an opportunity to make changes or corrections to the template data.The registrant is next provided with a yes/no decision on whether tosubmit the template data (box 411), and (if yes) payment is authorized(in box 412) based on the data that the user provided in box 406. Theunique identifier temporarily assigned to the registrant in box 407 isnow assigned to the registrant (box 413). In some embodiments, theregistrant may now set a password, which gives access to his data record(box 414). In box 415, the registrant is shown a “thank you” message,and a summary explanation of the résumé verification process. At thispoint, the registrant's data file is sent to temporary storage, forlater submission to the verification process described below.

FIGS. 5A and 5B explain in detail the verification process, which issummarized as process 22 in the block diagram of FIG. 2. Once theregistrant has entered data, as described above, the verificationprocess occurs. As shown in box 501 of FIG. 5A, the registrant's datafile, created in box 409 above, is first retrieved from storage, in theformat of a Master Verification Document (MVD). The MVD has spaces foroutcomes of query requests of the verification process, for eachpertinent background data component; and a tracking number for the MVD.A tracking number is assigned to the MVD in box 502. The system reviewssubmitted data for completeness and errors, in box 503. If there arenone, the process continues with box 506, below. If there are incompleteor flawed elements in the data record, as determined by pre-establishedstandards programmed into the host computer, the system sends a queryabout the elements to the registrant (by e-mail, for example), alongwith a time limit for response (box 504). If the time limit is exceededfor the registrant's response, the system proceeds with box 506. In box506, the MVD data is divided by third party entities to be contacted,and sorted into those with whom verification can be attempted (for usein box 508) and cannot be (for use in box 507). For those entities withwhom verification cannot be attempted, a proper code is entered on theMVD in a data component set aside for such purpose (box 507).

FIG. 5B continues the verification process. As described in box 508, anelectronic query is sent to third party entities with whom verificationcan be attempted. The query is associated with a precoded time limit forthe third party entity to respond. If the third party responds withinthe time limit, the process continues with box 509; otherwise with box510. In box 509, the information received from the third party entity iscoded and entered on the MVD. The responses, entered on the MVD, may be“verified as reported,” “verified in part” (with the portion verifiednoted), “corrected” (with the third party's correction noted),“authenticity denied,” or “no response received on this item.”Alternatively, the responses may be “confirmed,” “claim is inaccurate,”“unwilling to confirm or deny,” or “unable to confirm or deny.” In box510, if no response is received within the time limit, a second queryfor verification is sent to the third party. If the second query isanswered, the process goes to box 509. If not, the code “no response toquery” is entered on the MVD. With the query process finished, acompleted MVD may be sent to a recipient, as will be described below inconnection with registrant-request process 23, process 24 for outsiderequests on a registrant, process 25 for outside requests on anon-registrant, and process 26 for finding a registrant (box 511). Thecompleted MVD is stored in a data storage medium (box 512).

Note that, while FIGS. 5A and 5B have illustrated an electronic queryprocess, some verification may be done by other means, particularly whenthird parties do not provide the necessary electronic connections. Thus,some verification may be performed by telephone, mail, or facsimile, orother conventional communication techniques.

FIGS. 6A and 6B show in detail the registrant-request process 23,summarized in the block diagram of FIG. 2. In FIG. 6A, the registrantfirst completes a request for distribution, noting what portions of hisor her MVD are to be distributed, and to whom (box 601). The MVD may bedistributed to various third parties, including the types of thirdparties shown in FIG. 3. In one embodiment, the system allows theregistrant to purchase, over the Internet or other network, electronic“chits,” each of which allow the registrant to send a given number ofverified résumés to third parties. In a further embodiment, the systemgenerates a list of e-mail addresses for commonly-requestedinstitutions, in order to aid the registrant in selecting third parties.Once the request for distribution is complete, the system verifies theregistrant's identity by requiring the registrant to enter his uniqueidentifier (from box 413 of FIG. 4B), and password (from box 414 of FIG.4B). The registrant is presented with service options and prices (box603); then the registrant selects a service option (including a choiceof formats for distribution), specifies recipients, and providestransmission information (box 604). Once the registrant has enteredpayment information and authorized payment (boxes 605 and 606), theregistrant's MVD is retrieved from storage (box 607), and, in someembodiments, the registrant is given the opportunity to review the MVDbefore dissemination (box 608). In other embodiments, the processcontinues with box 611 of FIG. 6B.

If the registrant is given the opportunity to review the MVD, then he orshe is given the opportunity to have the MVD updated to reflect new orfuture information (box 609 of FIG. 6B). If the update option isselected (as in box 610 of FIG. 6B), the system, in one embodiment,repeats processes 506 through 510 and then the process continues withbox 611 of FIG. 6B; in this case, information that has already beenauthenticated will remain present in the database, and new informationwill be added. Alternatively, the system may also give the registrantthe opportunity to have the MVD updated at given intervals of time (e.g.every six months) or to have the MVD updated at registrant-determinedintervals of time. In either case, the process continues with box 611 ofFIG. 6B. In box 611, the MVD is disseminated as specified by theregistrant in box 604. A confirmation of MVD dissemination is e-mailedto the registrant in box 612.

When the MVD is distributed, it may be distributed in the form of acertified, tamper-proof or tamper-revealing document, containing thedata record. For example, the MVD may be distributed as a watermarkedoriginal document containing the data record. Alternatively, the MVD maybe distributed as a notarized paper with a seal, or as an e-mail messageor electronic file containing an electronic watermark or electroniccertification. Electronic certification systems are available, forexample, from RSA Security, Bedford, Mass., www.rsasecurity.com,including those using public-private key systems; the contents of thiswebsite are hereby incorporated herein by reference. In each case, thedocument is provided with a certification—that is, marked or identifiedin a way that is indicative of authentication of the document, and in away that is appropriate for the medium of the document (whether paper,electronic, or otherwise).

FIGS. 7A through 7C show the details of process 24 for outside requestson a registrant, summarized in the block diagram of FIG. 2. First, inbox 701 of FIG. 7A, an outside requestor who wishes to receive verifiedbackground data information on a registrant completes a Notice ofRequest for Verification Materials on a Registrant, including theregistrant's unique identifier. Next, the system verifies theregistrant's identity via the registrant's unique identifier (from box413 of FIG. 4B); if the identifier is not valid, the requestor is sentto process 25, described below (box 702). If the registrant's uniqueidentifier is valid, the requestor is asked in box 703 to choose betweenaccessing the registrant's MVD (which requires the MVD tracking numberfrom box 502), or entering specific data to be checked (in which casethe process continues with box 705). The system checks the validity ofthe MVD by its tracking number and checks the integrity of the file (box704). In box 705, the system checks whether pertinent legal regulationsrequire that the registrant be notified of the request, and notifies theregistrant if it is required. Next, the requestor is notified that theMVD is available (box 706). Service options and prices are presented,based on the outcomes of boxes 703 through 706 (box 707), and therequestor selects a service option (including the data format fordissemination), and provides transmission information (box 708).

Continuing as in FIG. 7B, the requestor enters payment information (box709) and authorizes payment (box 710). If the whole MVD is chosen to bedistributed, dissemination to the requestor is completed, and theprocess goes to box 719, below (box 711). If a portion of the MVD ischosen to be distributed, the requestor indicates the selected portion,and then dissemination to the requestor is completed, and the processgoes to box 719. If any MVD data is unavailable, or is not chosen, therequestor first enters the data to be verified (box 713) in a fashionsimilar to boxes 407 through 411, above. A new record is created underthe registrant's unique identifier (obtained from box 413, above), atracking number is assigned for this record (in a similar fashion to box502, above), and the requestor is notified that requested data are inthe verification process. The verification process proceeds in a similarfashion to process 22 (described in detail above), and dissemination tothe requestor is completed. The process continues with box 714.

In box 714 of FIG. 7C, the requestor is given a choice for a record tobe maintained. If he or she chooses not to maintain a record, thetemporary record is inactivated, and the process proceeds to box 719.However, if he or she does choose to maintain a record, the service andprice options are presented (box 715).

Continuing with box 716 of FIG. 7C, the requestor makes the choicedescribed in box 714, is presented with a payment option (box 717) andauthorizes payment (box 718). The verification record is filed with theregistrant's master file in a digital storage medium (box 719). In oneembodiment, the registrant is notified that an Outside VerificationRequest has been filed (box 720).

FIGS. 8A and 8B show the process for an outside request on anon-registrant, summarized as process 25 in the block diagram of FIG. 2.First, a requestor completes a Notice of Request for VerificationMaterials on a non-registrant or without access to the registrant'sunique identifier (box 801). At this point, depending on the privacylaws of relevant jurisdictions, the system may not allow the requestorto have any access to information about the non-registrant. Where theseconditions do not pertain, the requestor is presented with serviceoptions and prices (box 802), selects a service option (including formatfor dissemination), and provides transmission information (box 803). Therequestor enters payment information (box 504) and authorizes payment(box 805). Next, the requestor enters the data to be verified, in aprocess similar to that of boxes 407 to 411 of FIGS. 4A and 4B (box 806)and a temporary unique identifier is assigned to the person whosebackground data will be verified (box 807). The system next checkswhether legal regulations require that the subject of the authenticationbe notified of the request, and notifies the subject if required. Theverification process then proceeds, in a similar fashion to process 22(box 809 of FIG. 8B).

Continuing with FIG. 8B, the requestor next receives the results of theverification process (box 810). In one embodiment, the requestor isgiven the choice for a record to be maintained (box 811). If the choiceis not to maintain a record, the temporary record is inactivated and theprocess continues with box 719. If a record will be maintained, therequestor is presented with service options and prices (box 812), andindicates his choice (box 813). The requestor is also presented withpayment options (box 814) and payment is authorized (box 815). Theverification record is filed under the subject person's uniqueidentifier (box 816) and the person's unique identifier is given to therequestor (box 817).

In yet another embodiment of the present invention, there is anarrangement provided for searching a database of pre-authenticatedbackground data. This embodiment facilitates interpersonal networking byenabling one to search through a database of personal background datathat is authenticated, and enabling individuals to initiate registrationwith such a database. In this embodiment, the procedures described abovefor producing authenticated background data may typically be followed bynumerous registrants. The result is a database of authenticatedbackground data. Once such a database is created, members of the public,including employers, may cause a search of the database to be initiated.The searchers need not have the registrant's unique identifier. Thesearch may use key words and topics of interest. The searchable databasethus facilitates networking, by providing employers and others with theability to initiate a search of a database of personal background datathat is known to be authenticated, and by providing candidates with aforum where their background data can be found, and will not bediscounted as potentially-dishonest.

Alternatively, the searchable database may be implemented as a databasethat is directly accessible over the Internet, including as a World WideWeb server accessible through an HTML-implemented, web-page searchengine.

Key word search methods may be used with the searchable databases. See,for example, the methods described in U.S. Pat. Nos. 5,799,304 (Miller,“Information Evaluation”); 5,649,186 (Ferguson, “System and method for acomputer-based dynamic information clipping service”); 5,537,586 (Amramet al., “Enhanced apparatus and methods for retrieving and selectingprofiled textural information records from a database of definedcategory structures”); 5,418,951 (Damashek, “Method of retrievingdocuments that concern the same topic”); and 5,384,703 (“Withgott etal., “Method and apparatus for summarizing documents according totheme”), which are hereby incorporated herein by reference. Such searchmethods may be used to determine classes of data records to view assearch results.

Embodiments of the invention provide particular advantages fornetworking because they allow for searching of data records where onlyfragmentary information is known about a person. For example, suppose afamous pastry chef registered with a database in a fashion similar tothose described above. His authenticated personal background data wouldthen appear in a data record accessible to those who have been given itsidentifier. Additionally, however, embodiments of the invention allowpersons who wish to find the pastry chef to search through a database ofauthenticated personal background data. The searchers need not beemployers, but could be interested in contacting the pastry chef forother reasons. They might have only fragmentary information about thechef. For example, while the data record contained the pastry chef'sfull name, education, employment background, and history of awards, thesearchers might only know that the chef worked at a given restaurant twoyears ago. Using key word search techniques, each verifiable componentof the data records in the database could be searched to find matchesfor the searchers' request.

Once it filters the data, the system provides searchers with a way ofcontacting the person whose record has been found. This contact methodis provided by the registrant when he registers, in a fashion similar tothat described above, and may include an e-mail address. Alternatively,the system may inform the registrant that the named requestor is lookingfor someone, who may be the registrant, based on the set of data thatthe requestor has specified; thus leaving it to the registrant tocontact the requestor if desired.

In an increasingly mobile world, the searchable database thusfacilitates finding former colleagues, or members of otherorganizations, with skills or interests or characteristics that arebeing sought but on whom key data are now missing.

Note also that data records according to embodiments of the inventionneed not contain a complete record of a person's background data. Thus,for example, the pastry chef's data record might include only verifiablecomponents related to his work at one restaurant, and not contain hiseducational background. In such a case, a search of the personalbackground database would only attempt to find a record based on thecomponents that were present.

A searchable database embodiment is now described with reference toFIGS. 9A and 9B. The process flow shown in these figures is a detailedversion of process 26 of FIG. 2, for finding a registrant.

First, at step 901, a requestor who wishes to find a party based onauthenticated background data completes a Notice of Request forIdentification of a Party, which may be implemented as a template-basedform on an internet website. This Notice simply informs the system thatthe requestor wishes to find a party, as opposed to using any of theother features of the system that are described above.

As described at step 902, the requestor next fills out an initialtemplate to indicate the kinds of data that the requestor has on theparty. The system lists all of the kinds of data that it stores onregistrants, next to a yes/no query on whether the user has that kind ofinformation. If, for example, the requestor knows that the party workedat an office of a given corporation, in a given city, in a givenposition, during a given timeframe, the requestor would fill out the“yes” box next to the corporation, location, job position, and dates ofemployment fields.

At step 903, the system determines whether any of the listed fields hasa “yes” box checked next to it. If none do, then the system informs therequestor that the system is unable to perform a search based on thekinds of information that the requestor has on the subject of therequest, and the process is terminated.

If, however, it is determined that the requestor's information fits atleast one of the fields of data in the database, the requestor is toldthat the process will continue, and the process continues with step 904.In step 904, the system presents the requestor with service options andprices. The options may include, for example, the textual format inwhich the search results will be disseminated, the means by which theywill be distributed (e.g. by e-mail, fax, mail, etc.), and the number ofreports which will be sent. The prices may vary based on the expense ofthe service options. The requestor selects a service option, andprovides information necessary to transmit the search results (e.g.e-mail addresses, mail addresses, etc.) (step 905). The requestor enterspayment information and authorizes payment (steps 906 and 907).

At step 908, the requestor is next presented with a Finder Template,which may be a web-page with a series of template fields for completionby the requestor. These fields are structured to elicit information fromany of the fields of information in the database. For example, if thedatabase has information on corporations that employed registrants, anddates that they did so, then there will be template fields correspondingto each of these types of information. Once the requestor has filled outthe Finder Template, the system assigns a temporary identifier to thesearch (step 909) and searches for registrants based on the profileprovided in the requestor's Finder Template (step 910).

Once the system has found data records of registrants, it checks thedata records to see whether each registrant wishes to be notified of anysearch requests which identify his data record, and whether eachregistrant has asked to authorize distribution of any search results(step 911). Such notification preferences are given by registrants whenthey register, in a manner similar to that described in the registrationprocess above. If a registrant has chosen to be notified, the systemnotifies the registrant. If a registrant wishes to authorizedistribution of results, the system sends a request for authorization tothe registrant. Additionally, where pertinent laws require authorizationin order to release background data, the system automatically sends arequest for authorization to the registrant.

Next, if the system has found a record but a release is not granted, therequestor is notified that the subject party has not authorized releaseof the record, and the process is terminated (step 912). If the systemhas found a record, and necessary authorization has been given, or if noauthorization was required at all, the process continues with step 913.

Finally, in step 913, the system distributes records to the requestor,in accordance with the service option which the requestor selected. Inthis way, the process flow of FIGS. 9A and 9B allows people to searchfor information in a database of pre-authenticated personal backgrounddata.

It should be noted that the systems and methods described above shouldnot be confused with systems and methods for verifying that a givenholder of a set of data on a person is indeed that person. The lattersystems and methods include, for example, fingerprinting. Rather, thesystems and methods described above relate to authenticating personalbackground data, whether held by a job candidate or any other person,and also to structuring a database to provide access to authenticatedpersonal background data.

Although this description has set forth the invention with reference toseveral preferred embodiments, those of ordinary skill in the art willunderstand that one may make various modifications without departingfrom the spirit and the scope of the invention, as set forth in theclaims.

What is claimed is:
 1. A non-transitory computer-readable medium havingembodied therein an electronic document, wherein: the medium is coupledto a server that is accessible over a communication network, the serverbeing configured to provide a candidate identifier to a candidate; andthe electronic document comprises: (a) a data record including (i) a setof components based on information supplied by the candidate, eachcomponent being potentially verifiable, and (ii) a corresponding set ofquery results, the corresponding set including, with respect to eachcomponent, the result of a verification query to a third party; and (b)an electronic authentication of the contents of the data record, theelectronic authentication capable of revealing unauthorizedmodifications of the contents of the data record, wherein the server isfurther configured to (a) grant access to the document in response toreceiving the candidate identifier, over the communication network froman outside user wanting verification of personal background data of thecandidate, the outside user having received the candidate identifierdirectly or indirectly from the candidate, and (b) distribute, to theoutside user, over the communication network, in response to receivingthe candidate identifier, the electronic document including the datarecord and the electronic authentication of the contents of the datarecord.
 2. A computer-readable medium according to claim 1, wherein theelectronic authentication is an electronic watermark.
 3. Acomputer-readable medium according to claim 1, wherein the electronicauthentication is an electronic certification.
 4. A computer-readablemedium according to claim 1, wherein the set of components includes thecandidate's résumé information, and wherein the set of query resultsincludes information verifying the candidate's résumé information.